CVE-2025-59026
BaseFortify
Publication date: 2025-11-27
Last updated on: 2025-11-27
Assigner: Open-Xchange
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open-xchange | ox_app_suite | 8.35.108 |
| open-xchange | ox_app_suite | 8.41.60 |
| open-xchange | ox_app_suite | 8.39.84 |
| open-xchange | ox_app_suite | 8.38.90 |
| open-xchange | ox_app_suite | 8.41.61 |
| open-xchange | ox_app_suite | 8.35.107 |
| open-xchange | ox_app_suite | 8.40.68 |
| open-xchange | ox_app_suite | 8.40.69 |
| open-xchange | ox_app_suite | 8.38.89 |
| open-xchange | ox_app_suite | 8.39.83 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Deploy the provided updates and patch releases as recommended to mitigate this vulnerability.
Can you explain this vulnerability to me?
This vulnerability involves malicious content being uploaded as a file, which can then be used to execute script code when users follow attacker-controlled links. This allows attackers to perform unintended actions within the context of the user's account.
How can this vulnerability impact me?
The vulnerability can lead to execution of unintended actions in the user's account context, including the exfiltration of sensitive information, potentially compromising user data and account integrity.